China unveils its own rival to Anthropic’s Mythos as AI cyberwar race intensifies

China has built its clearest answer yet to Anthropic’s Mythos, turning what started as a U.S. cybersecurity tool into the latest front in the AI arms race.

At a cybersecurity conference in Beijing on Wednesday, Chinese security firm 360 Security Technology introduced two AI systems it says are meant to close a gap China can no longer afford to ignore, according to Reuters. One is built to automatically find software vulnerabilities. The other is meant to automate cyber defense and incident response. Together, they amount to a public declaration that China wants its own version of the kind of AI-powered cyber capability that has already set off alarms in Washington.

The timing matters. Anthropic’s Mythos, first previewed in April, was pitched as a vulnerability-discovery system that could help find serious flaws in software. Security researchers quickly raised a second possibility: a tool that can uncover weaknesses at scale could just as easily become a force multiplier for offensive cyber operations. This month, the U.S. ordered Anthropic to suspend exports of a less powerful version of the system, citing national security concerns.

That decision appears to have sharpened the message coming out of Beijing.

Chinese Cybersecurity Firm 360 Unveils AI Tool to Match Anthropic’s Mythos as U.S. Restricts Anthropic Exports

Speaking at the ISC.AI 2026 conference, 360 founder Zhou Hongyi described one of the company’s new systems, called Tulongfeng, as “China’s version of Mythos.” A second system, Yitianzhen, is built to automate cyber defense and incident response. Both fall under the banner “Yitian Tulong,” a name taken from a classic Chinese martial arts novel that translates to “Heavenly Sword and Dragon Saber.”

Zhou did not frame the tools as just another product launch. He framed them as strategic infrastructure.

“This kind of powerful weapon that can change the landscape of cyber offence and defence cannot be held only by others,” Zhou said in a speech, according to a transcript published by 360.

That line gets to the heart of the story. China and the U.S. have spent years accusing each other of cyber operations targeting critical infrastructure and sensitive networks. What has changed is the role AI may now play in that contest. Systems that can scan code, identify exploitable flaws, rank weaknesses, and automate parts of attack or defence work could compress tasks that once took teams of skilled researchers, turning them into faster, cheaper, and more scalable processes.

That is why Anthropic’s Mythos drew so much attention when it was previewed in April. Anthropic said the system found “thousands” of major vulnerabilities across operating systems, browsers, and other software. That claim helped turn Mythos into more than a product story. It became a national security story.

Zhou’s argument is that China cannot afford to sit on the sidelines if U.S. firms are building systems like that and Chinese companies are locked out of comparable capability. He warned of a “one-way transparency” problem in which U.S. organizations could use Mythos-like systems to scan software and critical infrastructure at scale, leaving Chinese defenders with fewer tools to respond in kind.

360 says Tulongfeng has already identified 3,432 software vulnerabilities, including 105 that have been confirmed by Chinese authorities. Reuters said it could not independently verify those claims. Even so, the number matters less than what 360 is trying to signal: China wants to show it can field a domestic cyber AI system at a time when access to the best U.S. chips and models remains constrained.

That pressure runs through the rest of Zhou’s remarks. Since 2022, Washington has tightened export controls to limit China’s access to advanced U.S. chips, arguing that those chips could help China’s military accelerate AI development. Chinese AI firms have narrowed the gap with American rivals over the past year, but Zhou acknowledged there is still ground to make up.

“Objectively speaking, domestic models still have a 20%-30% gap in base capability,” he said. “China cannot wait until model capabilities have fully caught up before starting vulnerability discovery, because we cannot afford to wait.”

His answer does not match the Anthropic model. Instead, Zhou says 360 is taking what he called an “agent” route: combining AI models with the company’s security expertise, vulnerability databases, and automated tools to produce what he described as Mythos-level results without relying on the same brute-force stack of top-end chips and model scale.

“If Mythos is a top-end chip, what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes,” Zhou said. “If the U.S. route is to cultivate a genius hacker, 360’s route is to organise a professional attack-and-defence team.”

That comparison is revealing. It suggests 360 is pitching its approach less as a pure model race and more as a systems-integration play: take a weaker foundation model, surround it with proprietary data, domain knowledge, and workflow automation, and use the package to close part of the gap. In cybersecurity, that may be enough to matter. Vulnerability discovery is not just a reasoning problem. It is a workflow problem involving context, known exploit patterns, historical bug data, validation, prioritization, and the ability to loop findings into defensive action.

The broader backdrop is a cybersecurity industry already bracing for AI-enabled attacks. Anthropic disclosed last year that hackers exploited vulnerabilities in its Claude AI to target about 30 organizations worldwide. A separate study by IBM and Palo Alto Networks found that 67% of the 1,000 executives surveyed reported being targeted by AI attacks in the previous year.

That helps explain why this story reaches beyond China’s domestic tech scene. If AI systems are becoming central to both vulnerability discovery and cyber defense, then the contest over who gets to build them, deploy them, and restrict them will shape far more than enterprise security budgets. It will shape how governments think about cyber deterrence, export controls, and the balance between commercial AI research and national security.

Zhou is not a fringe voice in that debate. He is one of China’s best-known internet entrepreneurs and a longtime public technology commentator, and he sits on China’s top political advisory body. The company he founded built its reputation in antivirus software before expanding into enterprise and government security. When 360 publicly casts a Mythos-like system as something China cannot afford to lack, it is making a policy argument as much as a product one.

That may be the real significance of Wednesday’s announcement. China is not just introducing another AI security tool. It is making clear that vulnerability-finding AI is now viewed in Beijing as a strategic capability, one tied to critical infrastructure defense, offensive cyber advantage, and technological self-reliance at a moment when access to U.S. chips and models is no longer a given.

If Mythos marked the point at which AI vulnerability hunting became a geopolitical issue, 360’s response shows that the race is no longer theoretical. It has already gone international.